| 247631 | 9.8 | CRITICAL | Network | logitech | harmony_hub_firmware | The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the lo… | CWE-287 Improper Authentication | CVE-2018-15721 | 2024-11-21 12:51 | 2018-12-21 |
| 247632 | 9.8 | CRITICAL | Network | logitech | harmony_hub_firmware | Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. | CWE-798 Use of Hard-coded Credentials | CVE-2018-15720 | 2024-11-21 12:51 | 2018-12-21 |
| 247633 | 7.4 | HIGH | Network | vmware | spring_framework | Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a mali… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2018-15801 | 2024-11-21 12:51 | 2018-12-20 |
| 247634 | 5.4 | MEDIUM | Network | pivotal_software | concourse | Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth r… | CWE-601 Open Redirect | CVE-2018-15798 | 2024-11-21 12:51 | 2018-12-20 |
| 247635 | 6.8 | MEDIUM | Physical | dell | idrac7_firmware idrac8_firmware | Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vul… | NVD-CWE-noinfo | CVE-2018-15776 | 2024-11-21 12:51 | 2018-12-14 |
| 247636 | 8.8 | HIGH | Network | dell | idrac7_firmware idrac8_firmware idrac9_firmware | Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated mali… | CWE-863 Incorrect Authorization | CVE-2018-15774 | 2024-11-21 12:51 | 2018-12-14 |
| 247637 | 8.8 | HIGH | Network | pivotal_software | cloud_foundry_uaa-release | Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same user… | CWE-863 Incorrect Authorization | CVE-2018-15754 | 2024-11-21 12:51 | 2018-12-14 |
| 247638 | 9.8 | CRITICAL | Network | opendental | opendental | Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all d… | CWE-521 Weak Password Requirements | CVE-2018-15719 | 2024-11-21 12:51 | 2018-12-13 |
| 247639 | 7.5 | HIGH | Network | opendental | opendental | Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to username… | CWE-200 Information Exposure | CVE-2018-15718 | 2024-11-21 12:51 | 2018-12-13 |
| 247640 | 5.3 | MEDIUM | Network | opendental | opendental | Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes. | CWE-522 Insufficiently Protected Credentials | CVE-2018-15717 | 2024-11-21 12:51 | 2018-12-13 |